// Level 4 · Control detail
A03:2021CriticalOWASP Web · Top 10 (2021)
Injection
User-supplied data is not validated, filtered, or sanitized by the application. SQL, NoSQL, OS, LDAP injection. CWE-79, CWE-89, CWE-73.
Get AI-powered control detail
Plain-English explanation, CLI checks, portal steps, remediation, automation snippets, and cross-framework mappings.
3/3 free lookups remaining today
Related controls in other frameworks
finding related controls…